<img alt="" src="https://secure.refl3alea.com/149779.png" style="display:none;">

      Recommended Blogs

      • The P@$$W0rd is dead!

        Passwords have always been a burden on both clients, service providers and IT departments; Rules of complexity, how a ...

        Read More
      • Christmas shopping for an unusual year

        2020 has been a very interesting year and the majority of us have found that our plans for this year have gone directly ...

        Read More
      • Password security while using social media and online applications

        In 2018 Facebook disclosed that nearly 50 million accounts had been compromised by a large-scale attack on the social ...

        Read More
      • Keep your legal firm secure when posting content on company social media accounts

        Picture this - You have a fantastic photo of a colleague celebrating a work achievement with a cake at their desk and ...

        Read More
      • Sprout Sessions - UK Legal - Cyber Security Early Adopters

        Watch the recording of our webinar on the 18th June 2020.   

        Read More
      Data security and your work from home policy
      BY Ian Bernhardt

      During the last five to ten years, the legal sector in the UK has shown itself to be welcoming of new technology and the opportunities it brings.



      From our own experience as a legal IT services company, we have devised, in collaboration with clients, bespoke security procedures for staff as part of a work from home policy or a remote work policy.


      The advantages to allowing staff to work anywhere are clear in an era when employees are increasingly demanding flexible working and clients want you to visit them at their premises.


      If your solicitors’ practice or barristers’ chambers currently have no policies in place, your first question to us during the current coronavirus crisis is how to maintain security when employees work remotely. With that in mind, we have written this article covering remote working security risks with the specific intention of sharing as many working from home security tips as possible.


      We’ll cover:

      • why colleagues should be vigilant about each email and phone call they receive
      • the importance of a firewall for added security
      • what a VPN is and how to connect colleagues working from home to one
      • the importance of password security and multi-factor authentication
      • why you should use secure cloud services for additional protection and for backing up data
      • why connecting via an ethernet cable when working from home is more secure than connecting via Wi-Fi
      • the protections offered to your company by anti-virus software
      • encrypted messaging services

      businessman hand working with modern technology and digital layer effect as business strategy concept


      Verify each email or phone call you receive

      Most data protection breaches and cyberattacks occur through social engineering – a series of tricks and deceptions designed to short circuit our normal decision-making process leading to our doing something to damage our company and benefit the fraudster.


      If you get a phone call or email from Adam from personnel or Lucy from accounts, how well do you know Adam or Lucy? Do you recognise their writing style or from their tone of voice? Are they asking you to do something unusual? Are Adam and Lucy on LinkedIn and do they divulge a lot on their profile which a fraudster could take advantage of?


      Without your colleagues around you as you sit in lockdown, you don’t have your colleagues to ask whether something is normal or not. Tell your staff to trust their own instincts – if something does not feel right or it feels unusual, contact a higher authority direct for clarification.



      Set up a firewall

      Firewalls are a barrier between the internet and the device you’re using which is connected to the internet. Their job is to stop data leaks from your device and to prevent the download of malware. Most devices have a built-in firewall and your staff may have firewalls incorporated into their home internet router.


      Whilst, in most cases, these firewalls will do, they need to be switched on. Many believe that switching a firewall on makes the internet slower – it doesn’t. But, even if it did, it’s better to wait half a second more for a file to download than potentially expose the contents of that file to a hacker.


      You may wish to encourage your staff to download a free firewall like AVS or ZoneAlarm. Alternatively, contact us about our Firewall-as-a-Service offering for your entire network.



      Set up a VPN for your staff

      Virtual Private Networks (VPNs) allows you and your members of staff to route your internet tracker through a server of your choice. For consumers, they’re used to protect user identity and prevent the display of location-related advertisements.


      Built into VPN services is end-to-end encryption meaning that, in the event that someone manages to intercept a member of staff’s internet traffic, the contents are unreadable and indecipherable.


      Most VPNs charge for their services however market-leader ExpressVPN is offering a 30-day money back guarantee on its services. Try to avoid the free services if you can.



      Password security and multi-factor authentication

      Weak passwords are, perhaps, the main reason why so many companies’ systems are compromised by cybercriminals. Recently, the UK Government was considering a bill to make services providers (ISPs, banks, broadband providers, and so on) refuse suggested user passwords if they were deemed as too easy to guess.


      Remembering lots of different passwords for different services is undoubtedly one of modern life’s frustrations and, at some human level, we can understand why people use them. You should consider supplying staff with password management software when working remotely.


      You may also wish to consider Multi Factor Authentication for log-ins to your company network for added security.



      Use secure cloud services for back-up

      Many legal firms now use secure cloud services to both run the apps and programs they need to run their practice or chambers as well as providing a back-up of all company information in case of, for example, a ransomware attack.


      By their very nature, the company information and sensitive data you hold will be in almost permanent transit across the internet especially if colleagues are adding to and manipulating the data held. Security, in this sense, means that the information is encrypted at all times when transmitted between the cloud and the device connecting to it.



      Wi-Fi or ethernet?

      All Wi-Fi can be hacked – even the Wi-Fi in your home or a colleague’s home. Make sure that the password you connect to your Wi-Fi with is very hard to guess.


      If possible, you should log onto the internet on any equipment you have via an Ethernet port (that is, a physical connection between your route and your device). This is, of course, very difficult with smartphones and tablets this is difficult meaning that the use of VPNs and secure cloud services is of particular importance on these devices.



      Use anti-virus software

      Firewalls are successful in stopping nearly every threat to the security of any devices using them however it is possible to get around it. Anti-virus software detects potential issues on any web page you visit or in any email attachment warning you before you proceed that there may be a security issue.



      Use encrypted messaging services

      Where possible, try to keep as much of your internal communications off the email network. Although there have been improvements in security since the invention of email over 50 years ago, it’s surprising just how easy it is for hackers to intercept and manipulate emails.


      You may wish to set up Slack, Monday, or Flock – all encrypted messaging apps available for both desktop, laptop, tablet, and smartphone – to communicate on case work, customer billing, and so on. For more trivial matters, phone-based apps like WhatsApp and Telegram are encrypted and secure.



      Finally, keep your staff busy and allow them to connect with each other

      And on the subject of apps like WhatsApp and Telegram and not on the subject of data protection, you should consider using technology to allow staff to communicate with each other so that there is still a sense of teamwork and togetherness.


      Most legal practices are very busy organisations where staff have many demands placed upon them which need prioritising. As stressful as that busyness might be sometimes, it’s also the special magic that drives collaboration and cooperation between staff and workplace friendships.


      Now that the vast majority of your staff (if not all of them) may be stuck at home, idleness and loneliness will take its toll of some of your team. Working for your firm is part of their identity and, against their will, that part of their identity has been compromised by the lockdown.


      Keep your people busy – even if it’s writing blogs for the website or calling up existing clients to find out how they’re coping with the current situation.


      And perhaps, once a day, allow your team or your departments to communicate via a phone or video conferencing facility so they can still speak to (and see) each other. As much as we have to think about getting through the lockdown, we’ve got to be ready for when things return to normality (whatever that might be on the other side of this).


      Take advantage of our assistance – Sprout IT

      For companies in the legal sector without either a work from home security policy or a remote working security policy, we strongly recommend that, on the conclusion of the current economic and societal upheaval, you call Sprout IT to help you device and implement one.


      While many of the threats we have described in this article may appear difficult for any cyberattacker to pull off, you underestimate their opportunism at your peril. To borrow a cliché, your staff only need to get it wrong once for a breach to occur.


      To get in contact with our team about data securing and work from home policies, please call Sprout IT today on 020 7036 8530 or email us.


      If you need more information on how to securely work from home, visit our Legal Remote Security Hub page. 



      GDPR data security data protection law data protection data protection officer remote working covid-19